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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). tn no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 22 September 2003 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 

Disposition of Claims 

4) ^ Claim(s) 1^9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 13 Claim(s) P9 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [3 The specification is objected to by the Examiner. 

10)E3 The drawing(s) filed on 09 November 2000 is/are: a)S accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)H Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1) |3 Notice of References Cited (PTO-892) 

2) CD Notice of Draftsperson's Patent Drawing Review (PTO-948) 
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Paper No(s)/Mail Date 6. 9. 10 . 
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5) O Notice of Informal Patent Application (PTO-1 52) 
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DETAILED ACTION 

1. Claims 1-9 are pending in the application. 

2. Claims 1-9 have been rejected. 

Specification 

3. Applicant is reminded of the proper language and format for an abstract of the disclosure. 

The abstract should be in narrative form and generally limited to a single paragraph on a 
separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed 
150 words in length since the space provided for the abstract on the computer tape used by the 
printer is limited. The form and legal phraseology often used in patent claims, such as "means" 
and "said," should be avoided. The abstract should describe the disclosure sufficiently to assist 
readers in deciding whether there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," 
"The disclosure defined by this invention," "The disclosure describes," etc. 

The abstract exceeds the 150-word limit. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 

basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
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reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AEPA 
35 U.S.C. 102(e)). 

4. Claims 1, 2 and 4 are rejected under 35 U.S.C. 102(b) as being anticipated by Hoseit et 
al U.S. Patent No. 5,475,365. 

As to claim 1, Hoseit et al discloses transmitting to the first sensor information about the 
second sensor's belief state [column 2, lines 2-23]. Hoseit discloses adjusting a prior belief state 
of the first sensor. Hoseit discloses that the adjustment is based at least in part on the second 
sensor's belief state [column 11, lines 5-35]. 

As to claim 2, Hoseit discloses that the first and second sensors are different types of 
sensors [column 1 line 66 to column 2 line 23], 

As to claim 4, Hoseit discloses transmitting to the first sensor all or part of the belief of 
the second sensor regarding an apparent normal, degraded or compromised state of a monitored 
resource. Hoseit discloses adjusting a prior belief state of the first sensor so that an erroneous 
transaction with the degraded or compromised resource does not generate an alarm [column 12, 
lines 13-37]. 

5. Claim 5 is rejected under 35 U.S.C. 102(b) as being anticipated by Harrison U.S. Patent 
No. 5,517,429. 

As to claim 5, Harrison discloses transmitting to the first sensor all or part of the belief of 
the second sensor regarding the existence or validity of services supported on monitored 
computer system resources [column 6, lines 48-58]. Harrison discloses adjusting a prior belief 
state of the first sensor so that an attempted communication with a nonexistent system service or 
resource appears suspicious [column 7, lines 5-40]. 
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6. Claims 6-9 are rejected under 35 U.S.C. 102(b) as being anticipated by Noorhosseini et 
al U.S. Patent No. 6,707,795 Bl. 

As to claim 6, Noorhosseini et al discloses identifying a set of potentially similar features 
shared by a new alert and one or more existing alert classes [column 3 line 54 to column 4 line 
3]. Noorhosseini et al discloses comparing the new alert to one or more existing alert classes 
[column 9, lines 31-56], Noorhosseini et al discloses adjusting the comparison by an expectation 
that certain feature values will or will not match [column 10, lines 8-47]. Noorhosseini et al 
discloses associating the new alert with the existing alert class that the new alert most closely 
matches [column 9, lines 31-56]. 

As to claim 7, Noorhosseini et al discloses receiving a new alert [column 3 line 54 to 
column 4 line 3]. Noorhosseini et al discloses identifying a set of potentially similar features 
shared by the new alert and one or more existing alert classes, as discussed above. Noorhosseini 
et al discloses updating a similarity expectation for one or more feature values [column 10, lines 
8-47], Noorhosseini et al discloses comparing the new alert with one or more alert classes, as 
discussed above. Noorhosseini et al discloses associating the new alert with the existing alert 
class that the new alert most closely matches, as discussed above. 

As to claim 8, Noorhosseini et al discloses passing each existing alert class through a 
transition model to generate a new prior belief state for each alert class [column 10, lines 27-36], 

As to claim 9, Noorhosseini et al discloses generating a group of feature records for a 
new alert. Noorhosseini et al discloses that each feature record includes a list of observed values 
for its corresponding feature [column 3 line 54 to column 4 line 3]. Noorhosseini et al discloses 
identifying a set of potentially similar features shared by the new alert and one or more existing 
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alert classes that: are associated with previous alerts, as discussed above. Noorhosseini et al 
discloses comparing the new alert to one or more alert classes, as discussed above. Noorhosseini 
et al discloses adjusting the comparison by an expectation that certain feature values will or will 
not match, as discussed above. Noorhosseini et al discloses associating the new alert with the 
existing alert class that the new alert most closely matches, as discussed above. 

Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hoseit et al U.S. 
Patent No. 5,475,365 as applied to claim 1 above, and further in view of Timm U.S. Patent 
No. 5,440,498. 

As to claim 3, Hoseit et al does not teach that the first sensor is a probabilistic sensor. 

Timm teaches a probabilistic sensor in intrusion detection systems [column 5, lines 7-46]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Hoseit et al so that the first sensor would have 
been a probabilistic sensor. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Hoseit et al by the teaching of Timm because it provides 
that ability to compare the effectiveness of any security element or group of elements of the 
security system with another element or group of elements. Not only does this method reveal the 



Application/Control Number: 09/71 1,323 Page 6 

Art Unit: 2131 

less effective security elements of a system, but also it can be employed to evaluate whether 
proposed additions to a security system would enhance protection of the facility and, if so, by 
how much [column 2, lines 16-29]. 

Conclusion 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K Moorthy whose telephone number is 703-305-1373. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Aravind K Moorthy ffo)P<T/^^ 
A P ri113 ' 2004 AYAZ SHEIKH 

SUWWCRV PATENT EXAMMB* 
TECHNOLOGY CENTER 2100 



